Apple Posts Four Bug Fixes
Two of the vulnerabilities, which were all identified by the Month of Apple Bugs project, would allow a remote user to access and control the compromised computer. According to the Apple update, proof-of-concepts for the vulnerabilities have been posted on the Month of Apple Bugs Web site, but the company has not spotted working exploits in the wild.
Patches for all four flaws are available online.
Apple reports that a buffer overflow flaw in the Mac OS X's Finder feature could lead to an application crash or remote control. This problem doesn't affect systems prior to Mac OS X v10.4. Apple credits Kevin Finisterre, who participated in the Month of Apple Bugs project, for notifying them of the vulnerability.
Apple also is fixing two flaws in iChat -- one that could cause an application crash and another that could cause a crash or allow a hacker to remotely control the system.
For the first flaw, the company's advisory reports that a null pointer dereference in iChat's Bonjour message handling could allow a local network attacker to cause an application crash. A proof of concept for the flaw has been published on the Month of Apple Bugs Web site. For the second iChat flaw, Apple explains that a format-string vulnerability has been found in the iChat AIM URL handler. If a user clicks on an AIM link to a malicious site, an attacker can trigger the overflow, which may lead to an application crash or arbitrary code execution. A proof of concept for this has been published as well.
Apple also is patching a UserNotification flaw that could allow local users to gain system privileges. The flaw could allow a user to change or overwrite system files. A program that triggers this issue has been published on the Month of Apple Bugs Web site.
A pair of security researchers announced in December that they were launching a month-long bug list of zero-day Mac OS X and Apple application vulnerabilities starting Jan. 1.
The Month of Apple Bugs project, which was similar to November's Month of Kernel Bugs campaign, was hosted by the kernel bug poster who goes by the initials "LMH," and his partner, Finisterre, a researcher who has posted numerous Mac vulnerabilities and analyses on his own site.